Board: Speculation
Topic: Re: Wall Observer BTC/USD - Bitcoin price movement tracking & discussion
by Gachapin on 28/12/2024, 02:30:05 UTC
....At the same time, I would suggest that you are wrong in regards to your description of the vulnerability being ameliorated by having a stronger pin number, which I believe hardly does shit if someone has physical access to the device with a non-secure element.
....
no no JJG .... The PIN is used to encrypt the seed on your device. A strong (long) PIN cannot be cracked via brute force, so it's not possible to decrypt your seed when someone gets hold of your device.
That's why Trezor enabled PINs with 50 digit length (maybe longer), when they fixed the vulnerability of physical access a few years ago.  

Means, if your PIN is long enough (has enough entropy) nobody can get the seed out of your device.
No (un)secure element needed !
I recall that the security breach of having physical access to the Trezor was from several years ago, and I thought that the ONLY remedies were avoiding physical access to the Trezor and/or having a passphrase, as is stated in this Kraken Blog article. The article describes brute forcing the pin too, yet I cannot recall the pin being less vulnerable based on length and complication, even though what you say makes sense if they have to brute-force the pin, too.

Until I see something more clear, I will have to take what you are saying about the creation of a more robust pin (as the solution to the problem) with a grain of salt.
haha no need to trust me.... that the PIN protects your Trezor against physical attacks by encrypting the seed is written in the actual article you posted yourself...

Quote
We then crack the encrypted seed, which is protected by a 1-9 digit PIN, but is trivial to brute force.
https://blog.kraken.com/product/security/kraken-identifies-critical-flaw-in-trezor-hardware-wallets

Again, that's why Trezor upped the possible PIN length to 50 digits (166 Bits), so there is no possibility to brute force anymore.

If that 2020 article is proclaiming that changing the pin number protects you from attack, then why did they not list such protection in their suggestions? Here's what the article says:



Maybe there is a newer article going into such details that describe how making a more sophisticated pin code helps? or prevents hack-ability, as you seem to want to proclaim.

...because at that time the Trezor didn't offer the possibility of a longer PIN yet

c'mon JJG it can't be that hard to understand!
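
Added example, not part of the post above and not Trezor's code: a toy model of a seed sealed under a PIN-derived key, showing how the size of the PIN space (1-9 digits versus 50 digits, about 166 bits) sets the cost of an offline search. The salt, iteration count, XOR+HMAC sealing and the guess rate are assumptions made for the demonstration; the seed and PIN are constructed.

```python
import hashlib, hmac, itertools, math

# Toy model only: NOT Trezor's storage format. Salt, iteration count and the
# XOR+HMAC sealing below are assumptions chosen to keep the demo stdlib-only.
SALT = b"constructed-device-salt"
ITERATIONS = 100  # deliberately low so the 4-digit search finishes quickly

def pin_key(pin: str) -> bytes:
    """Stretch the PIN into 64 bytes: 32 for encryption, 32 for the MAC."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), SALT, ITERATIONS, dklen=64)

def seal(seed: bytes, pin: str) -> bytes:
    """Encrypt a seed of up to 32 bytes under the PIN and append a MAC tag."""
    assert len(seed) <= 32
    key = pin_key(pin)
    ct = bytes(a ^ b for a, b in zip(seed, key[:32]))
    return ct + hmac.new(key[32:], ct, hashlib.sha256).digest()

def unseal(blob: bytes, pin: str):
    """Return the seed if the PIN is right, None otherwise."""
    key = pin_key(pin)
    ct, tag = blob[:-32], blob[-32:]
    good = hmac.new(key[32:], ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return bytes(a ^ b for a, b in zip(ct, key[:32]))

def exhaust(blob: bytes, digits: int):
    """Try every PIN of exactly `digits` digits; return (pin, guesses made)."""
    for n, combo in enumerate(itertools.product("0123456789", repeat=digits), 1):
        pin = "".join(combo)
        if unseal(blob, pin) is not None:
            return pin, n
    return None, 10 ** digits

def pin_bits(digits: int) -> float:
    """Entropy of a uniformly random decimal PIN of this length."""
    return digits * math.log2(10)

def years_to_exhaust(digits: int, guesses_per_second: float) -> float:
    """Time to walk the whole PIN space at a given offline guess rate."""
    return 10 ** digits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    blob = seal(bytes(range(32)), "4821")  # constructed seed and PIN
    print(exhaust(blob, 4))
    for d in (4, 9, 50):
        print(d, round(pin_bits(d), 1), f"{years_to_exhaust(d, 1e9):.3g} years")
```

The entropy figure only holds for a PIN chosen uniformly at random; a 50-digit PIN built from a repeated or memorable pattern has far fewer effective bits.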